import { SECRET_KEY } from '../constant/dbConfig.js'
import jwt from 'jsonwebtoken'

// 设置白名单接口
const whiteList = [
  '/api/system/register',
  '/api/system/login',
  '/h5/getComponentsList',
  '/h5/submitAnswer'
]

// 编写一个中间件，拦截所有请求验证token
const loginInterceptor = async (ctx, next) => {
  // 判断是否在白名单中
  if (whiteList.includes(ctx.path)) {
    await next()
    return
  }

  const token =
    ctx.headers.authorization && ctx.headers.authorization.split(' ')[1]

  if (!token) {
    ctx.status = 401
    ctx.body = { message: '用户未登录' }
    return
  }

  try {
    const decoded = jwt.verify(token, SECRET_KEY) // 验证并解析令牌
    ctx.state.user = decoded // 将解码后的用户信息存储在 ctx.state 中
    await next()
  } catch (err) {
    if (err.name === 'TokenExpiredError') {
      ctx.status = 401
      ctx.body = {
        message: '令牌已过期',
        error: err
      }
      return
    } else if (err.name === 'JsonWebTokenError') {
      ctx.status = 401
      ctx.body = {
        message: '无效的令牌',
        error: err
      }
      return
    } else {
      ctx.status = 500
      ctx.body = {
        message: '服务器错误',
        error: err
      }
      return
    }
  }
}

export default loginInterceptor
